Rearrange nixos system config

hosts/darwin/home-default.nix

@@ -51,6 +51,11 @@
       preview = "open -a Preview";
       slide = "open -a SlidePilot";
       inkscape = "open -a Inkscape";
+
+      # Network monitoring aliases
+      bw = "sudo bandwhich";
+      bw-raw = "sudo bandwhich --raw";
+      bw-dns = "sudo bandwhich --show-dns";
       
   };
 
@@ -157,6 +162,7 @@
     netcat-gnu     # Network connection utility
     curl           # HTTP client
     wget           # Web downloader
+    bandwhich      # Terminal bandwidth utilization tool
     
     # Command-line utilities
     ncdu

hosts/nixos/home-default.nix

@@ -26,6 +26,11 @@
   # nixOS-specific alias
   programs.zsh.shellAliases = {
       oss = "sudo nixos-rebuild switch --flake ~/.config/nix#$(hostname)";
+
+      # Network monitoring aliases (no sudo needed - NixOS module handles permissions)
+      bw = "bandwhich";
+      bw-raw = "bandwhich --raw";
+      bw-dns = "bandwhich --show-dns";
   };
 
   home.packages = with pkgs; [

hosts/nixos/hs/system.nix

@@ -3,6 +3,7 @@
     ./hardware-configuration.nix
     ./containers.nix  # Host-specific container definitions
     ./proxy.nix       # Host-specific Traefik dynamic configuration
+    ../system-default.nix  # Common NixOS system configuration
     ../../../modules/wireguard.nix
     ../../../modules/podman.nix
     ../../../modules/traefik.nix
@@ -78,20 +79,11 @@
     firewall = { enable = false; };
   };
 
-  # Set your time zone
-  time.timeZone = "Europe/Copenhagen"; # Adjust to your timezone
 
-  # Select internationalisation properties
+  # Host-specific SSH configuration
-  i18n.defaultLocale = "en_US.UTF-8";
-
-  # Enable the OpenSSH daemon
   services.openssh = {
-    enable = true;
     settings = {
-      PermitRootLogin = "yes";
+      PermitRootLogin = "yes";  # Allow root login for this server
-      PasswordAuthentication = false;
-      KbdInteractiveAuthentication = false;
-      AcceptEnv = "LANG LC_* TERM COLORTERM TMUX TMUX_PANE";
     };
     openFirewall = true;
   };
@@ -109,20 +101,15 @@
     ];
   };
 
-  # Optional: Create a regular user account
+  # Host-specific user configuration
   users.users.yanlin = {
-    isNormalUser = true;
-    description = "yanlin";
     extraGroups = [ "networkmanager" "wheel" ];
-    shell = pkgs.zsh;
     hashedPassword = "$6$8NUV0JK33hs3XBYe$osnYKzENDLYHQEpj8Z5F6ECpLdc8Y3RZcVGxQ0bc/6DepTwugAkfX8h6ItI01dJyk8RstiGsWVVCKGwXaL.sN.";
     openssh.authorizedKeys.keys = [
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG35m0DgTrEOAM+1wAlYZ8mvLelNTcx65cFccGPQcxmo yanlin@imac"
     ];
   };
 
-  # Enable sudo for wheel group
-  security.sudo.wheelNeedsPassword = false;
 
   # Container auto-updater configuration
   services.containerUpdater = {
@@ -134,23 +121,10 @@
     gotifyToken = "Ac9qKFH5cA.7Yly";  # Same token as borg backups
   };
 
-  # List packages installed in system profile
+  # Host-specific packages
   environment.systemPackages = with pkgs; [
-    vim
-    git
-    htop
-    curl
-    wget
-    rsync
-    tmux
-    tree
-    lsof
-    tcpdump
-    iotop
     smartmontools # For monitoring disk health
     zfs # ZFS utilities
-    zsh # Shell
-    home-manager # Enable standalone home-manager command
     mergerfs # Union filesystem for combining multiple drives
     snapraid # Parity-based backup tool
   ];
@@ -224,14 +198,6 @@
   };
 
 
-  # Allow unfree packages globally
-  nixpkgs.config.allowUnfree = true;
-
-  # Enable zsh system-wide (required when set as user shell)
-  programs.zsh.enable = true;
-
-  # Enable experimental nix features
-  nix.settings.experimental-features = [ "nix-command" "flakes" ];
 
   # Samba file sharing configuration
   services.samba-custom = { enable = false; };
@@ -327,9 +293,4 @@
     };
   };
 
-  # This value determines the NixOS release from which the default
-  # settings for stateful data, like file locations and database versions
-  # on your system were taken. It's perfectly fine and recommended to leave
-  # this value at the release version of the first install of this system.
-  system.stateVersion = "24.05"; # Did you read the comment?
 }

hosts/nixos/system-default.nix

@@ -0,0 +1,64 @@
+{ config, pkgs, ... }:
+
+{
+  # Common NixOS system configuration shared across all hosts
+
+  # Time zone and localization
+  time.timeZone = "Europe/Copenhagen";
+  i18n.defaultLocale = "en_US.UTF-8";
+
+  # Enable zsh system-wide (required when set as user shell)
+  programs.zsh.enable = true;
+
+  # Enable bandwhich network monitoring tool
+  programs.bandwhich.enable = true;
+
+  # Enable experimental nix features
+  nix.settings.experimental-features = [ "nix-command" "flakes" ];
+
+  # Allow unfree packages globally
+  nixpkgs.config.allowUnfree = true;
+
+  # Basic SSH configuration
+  services.openssh = {
+    enable = true;
+    settings = {
+      PasswordAuthentication = false;
+      KbdInteractiveAuthentication = false;
+      AcceptEnv = "LANG LC_* TERM COLORTERM TMUX TMUX_PANE";
+    };
+  };
+
+  # Common user configuration
+  users.users.yanlin = {
+    isNormalUser = true;
+    description = "yanlin";
+    shell = pkgs.zsh;
+  };
+
+  # Enable sudo for wheel group without password
+  security.sudo.wheelNeedsPassword = false;
+
+  # Common system packages
+  environment.systemPackages = with pkgs; [
+    # Essential command-line tools
+    vim
+    git
+    htop
+    curl
+    wget
+    rsync
+    tmux
+    tree
+    lsof
+    tcpdump
+    iotop
+    
+    # Shell and system management
+    zsh
+    home-manager
+  ];
+
+  # Default system state version
+  system.stateVersion = "24.05";
+}

hosts/nixos/thinkpad/system.nix

@@ -1,6 +1,7 @@
 { config, pkgs, lib, ... }: {
   imports = [
     ./hardware-configuration.nix
+    ../system-default.nix  # Common NixOS system configuration
     ../../../modules/wireguard.nix
     ../../../modules/borg-server.nix
     ../../../modules/smart-report.nix
@@ -100,9 +101,6 @@
     firewall.enable = false;
   };
 
-  # Time zone and localization
-  time.timeZone = "Europe/Copenhagen";
-  i18n.defaultLocale = "en_US.UTF-8";
 
   # Sound configuration with PipeWire (better than PulseAudio)
   services.pulseaudio.enable = false;
@@ -234,52 +232,33 @@
   # Enable CUPS for printing
   services.printing.enable = true;
 
-  # SSH service
+  # Host-specific SSH configuration
   services.openssh = {
-    enable = true;
     settings = {
-      PermitRootLogin = "no";
+      PermitRootLogin = "no";  # Disable root login for laptop
-      PasswordAuthentication = false;
-      KbdInteractiveAuthentication = false;
     };
   };
 
-  # User account
+  # Host-specific user configuration
   users.users.yanlin = {
-    isNormalUser = true;
-    description = "yanlin";
     extraGroups = [ "networkmanager" "wheel" "video" "audio" "input" ];
-    shell = pkgs.zsh;
     hashedPassword = "$6$kSyaRzAtj8VPcNeX$NsEP6zQAfp6O8YWcolfPRKnhIcJlKu5luZgWqozJAHtbE/gv90KoOOKU7Dt.FnbPB0Ej26jXoBH4X.7y/OLGB1";
     openssh.authorizedKeys.keys = [
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICp2goZiuSfwMA02GsHhYzUZHrQPPBgP5sWSNP9kQR3e yanlin@imac"
     ];
   };
 
-  # Enable sudo for wheel group
-  security.sudo.wheelNeedsPassword = false;
 
   # Enable KDE Wallet auto-unlock via PAM
   security.pam.services.sddm.enableKwallet = true;
 
-  # System packages
+  # Host-specific packages
   environment.systemPackages = with pkgs; [
-    # Essential tools
+    # Additional system monitoring
-    vim
-    git
-    wget
-    curl
-    htop
     btop
     neofetch
-    tree
     unzip
     
-    # Development tools
-    tmux
-    zsh
-    home-manager
-    
     # KDE/Plasma utilities
     kdePackages.kate
     kdePackages.konsole
@@ -308,14 +287,6 @@
     smartmontools  # Disk health monitoring (SMART)
   ];
 
-  # Enable zsh
-  programs.zsh.enable = true;
-
-  # Enable experimental features
-  nix.settings.experimental-features = [ "nix-command" "flakes" ];
-
-  # Allow unfree packages (needed for NVIDIA drivers and Obsidian)
-  nixpkgs.config.allowUnfree = true;
 
   # Laptop-specific services
   services.acpid.enable = true;
@@ -380,8 +351,4 @@
     };
   };
 
-  # This value determines the NixOS release from which the default
-  # settings for stateful data, like file locations and database versions
-  # on your system were taken.
-  system.stateVersion = "24.05";
 }

hosts/nixos/vps/system.nix

@@ -3,6 +3,7 @@
     ./hardware-configuration.nix
     ./containers.nix  # Host-specific container definitions
     ./proxy.nix       # Host-specific Traefik dynamic configuration
+    ../system-default.nix  # Common NixOS system configuration
     ../../../modules/wireguard.nix
     ../../../modules/podman.nix
     ../../../modules/traefik.nix
@@ -30,19 +31,11 @@
     };
   };
 
-  # Set your time zone
-  time.timeZone = "Europe/Copenhagen";
 
-  # Select internationalisation properties
+  # Host-specific SSH configuration
-  i18n.defaultLocale = "en_US.UTF-8";
-
-  # Enable the OpenSSH daemon
   services.openssh = {
-    enable = true;
     settings = {
       PermitRootLogin = "prohibit-password"; # Allow key-based root login for nixos-anywhere
-      PasswordAuthentication = false;
-      KbdInteractiveAuthentication = false;
     };
   };
 
@@ -53,45 +46,17 @@
     ];
   };
 
-  # Regular user account
+  # Host-specific user configuration
   users.users.yanlin = {
-    isNormalUser = true;
-    description = "yanlin";
     extraGroups = [ "wheel" ]; # Enable sudo
-    shell = pkgs.zsh;
     openssh.authorizedKeys.keys = [
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGVvviqbwBEGDIbAUnmgHQJi+N5Qfvo5u49biWl6R7oC yanlin@MacBook-Air"
     ];
   };
 
-  # Enable sudo for wheel group
-  security.sudo.wheelNeedsPassword = false;
 
-  # List packages installed in system profile
+  # No additional host-specific packages needed
-  environment.systemPackages = with pkgs; [
-    vim
-    git
-    htop
-    curl
-    wget
-    rsync
-    tmux
-    tree
-    lsof
-    tcpdump
-    iotop
-    zsh
-    home-manager
-  ];
 
-  # Enable zsh system-wide (required when set as user shell)
-  programs.zsh.enable = true;
-
-  # Enable experimental nix features
-  nix.settings.experimental-features = [ "nix-command" "flakes" ];
-
-  # Allow unfree packages globally
-  nixpkgs.config.allowUnfree = true;
 
   # Borg backup configuration
   services.borgbackup-custom = {
@@ -157,9 +122,4 @@
     };
   };
 
-  # This value determines the NixOS release from which the default
-  # settings for stateful data, like file locations and database versions
-  # on your system were taken. It's perfectly fine and recommended to leave
-  # this value at the release version of the first install of this system.
-  system.stateVersion = "24.05"; # Did you read the comment?
 }